Subgraph OS is an operating system designed to provide a hardened Linux desktop resistant to network and malware attacks. Subgraph includes a hardened kernel, application sandboxing with per-application network rules, an application firewall and extensive security monitoring and alerting. This presentation will outline the overall design and goals of the project and detail progress so far, including a detailed description of the sandboxing implementation.